This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Danny
Champion Champion
Champion
‎2021-10-11 11:40 PM

Gaia Health Check Script v7.17 released

Check Point released v7.17 of it's Gaia Health Check Script

Also available as SmartConsole Extension!

Script author: @Nathan_Davieau (LinkedIn profile)
QA Director: @Barak_Ran (LinkedIn profile)

What's new:

What's missing:

  • Endpoint Security and VPN Client versions check on Log Servers to warn if unsupported clients still connect (Plea)
  • Many checks listed in Check Points Professional Service health check (sample report)
  • USFW best practices checks as described in sk167052
  • Checks from Check Points performance investigation procedure (sk167553)
  • Check if updatable objects are present on gateway (sk121877)

Download

Package Link Date 
healthcheck.sh script v7.17 September 14th, 2021
 

Installation

nc -z -w 3 supportcenter.checkpoint.com 443; if [[ $? -eq 0 ]]; then curl_cli -o healthcheck.tmp -f -s -k "https://supportcenter.checkpoint.com/supportcenter/portal/role/supportcenterUser/page/default.psml/media-type/html?action=portlets.DCFileAction&eventSubmit_doGetdcdetails=&fileid=59369"; l=`grep "HashKey" healthcheck.tmp | head -n1 | awk '{print $3}' | sed 's/href="//' | sed 's/">//'`; s=`echo $l | awk -F/ '{print $6}'`; curl_cli -o healthcheck.sh -f -s -k $l; if [[ `md5sum healthcheck.sh | cut -d " " -f1` == $s ]]; then chmod +x healthcheck.sh; ls -la healthcheck.sh; else echo "MD5 hash mismatch of Gaia healthcheck script. Aborting."; rm healthcheck.sh; fi; rm -f healthcheck.tmp; else echo "No HTTPS access to supportcenter.checkpoint.com for script download -> see sk83520"; fi
 

Sample Output - Security Management

 
Physical System Checks
Category Title Result
System Uptime OK
OS Edition OK
NTP NTP Daemon OK
Disk Space Free Disk Space INFO
Memory Physical Memory OK
Swap Memory OK
CPU CPU idle% OK
CPU user% OK
CPU system% OK
CPU wait% OK
CPU interrupt% OK
Interface
Statistics

 

 RX Errors OK
RX Drops OK
RX Missed Errors OK
RX Overruns OK
TX Errors OK
TX Drops OK
TX Carrier Errors OK
TX Overruns OK
Known Issues Issues found in logs WARN
FTW After Jumbo OK
Processes Zombie Processes OK
Process Restarts OK
Core Files Usermode Cores Present OK
Kernel Cores Present OK
Check Point CPInfo Build Number OK
CPUSE Build Number OK
Jumbo Version WARN
CP Version OK
Licensing Licenses OK
Contracts WARN
Debugs Active tcpdump OK
Active Debug Processes OK
CPM Debugs OK
TDERROR Configured OK
 
Security Management Checks
Category Title Result
Mgmt Status API OK
CPM OK
Configuration GUI Clients OK
1 Reply
MarcP
Participant
‎2021-12-07 09:42 AM

Thanks so much for your continuous updates and improvements to the script! Much appreciated!

Of late I have noticed an issue that I thought I would raise with you. Let's say I have an R80.30 or R80.40 system and I use the "Blink" upgrade process to upgrade to R81 with latest JHF. After the upgrade the health check script flags a warning about the jumbo install before the FTW was completed. Wondering if this is something the script is picking up incorrectly or something with the Blink process that causes this. I have a support case opened and the recommendation is to re-run the FTW which seem to be a bit of an inconvenience. Appreciate hearing your thought on this.

Thanks!

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events